Soft logout disables encryption when logging back in

[turt2live]

Soft logout is when the server logs the user out but intends for them to reauthenticate to keep their encryption state. Usually this is associated with the session_lifetime in Synapse (for example).

When the server issues a soft logout, we're supposed to let the user restore their encryption state by logging back in. However, when the user logs back in after a soft logout we fail to set up crypto properly and permanently break it for that session - the user needs to log out and back in fully to recover.

This screen is not commonly encountered by regular users, but is seen often by enterprise-style usecases.

[blaa]

Is the "soft logout" visible at all? I'm considering creating a bug for an issue, and this might be related:

• I've got 3 logged in accounts (2x android, 1x desktop/flatpak).
• Own server.
• Talking with a friend using mobile element on android.

Suddently one of androids starts sending UNENCRYPTED messages (also: dropped info about channel title, doesn't recognize itself as channel administrator, still decrypts other devices).

This seems quite fatal because the user is not informed at all that he suddently dropped out of e2e and starts sending unencrypted messages. Only other sessions (mine, and my friend's) started showing the messages as unencrypted.

Logging out and relogin on the broken device fixed the issue, but e2e in element is unusable like that. Can't be trusted.

[turt2live]

Soft logout is a very visible flow to the user. It sounds like the issue you're facing isn't related to Web at all though, so would be best placed in another issue tracker.